ZeroCleare (ba5668b0-18fe-513f-b3a7-93e16243d185)
ZeroCleare is a wiper malware that has been used in conjunction with the RawDisk driver since at least 2019 by suspected Iran-nexus threat actors, including in activity targeting the energy and industrial sectors in the Middle East and political targets in Albania. [Microsoft Albanian Government Attacks September 2022][CISA Iran Albanian Attacks September 2022][Mandiant ROADSWEEP August 2022][IBM ZeroCleare Wiper December 2019]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
OilRig (d01abdb1-0378-4654-aa38-1a4a292703e2) | Tidal Groups | ZeroCleare (ba5668b0-18fe-513f-b3a7-93e16243d185) | Tidal Software | 1 |